DETAILED ACTION



Response to Arguments 



Applicant's arguments filed February 3, 2004 have been fully considered but they 
are not persuasive. Applicant argues the added limitation, "if it is found that network 
address translations and/or protocol conversions occur in a data path between said first 
computing device and second computing device," makes the distinction clear between
the applicant's invention and the cited prior art in that the encapsulating from the first 
protocol packet into a second protocol packet only occurs if the translation and/or 
protocol conversion has occurred. Examiner respectfully disagrees and asserts that the 
inclusion of the "and/or" language does not distinguish over the teachings of Nessett. 
First, the inclusion of the "and/or" language provides for the interpretation that either 
both, the network address translations and the protocol conversions are needed, or only 
one of the two are needed to perform the encapsulating step. Because of the inclusion 
of the "and/or" language, the examiner contends Nessett does teach performing 
address translations between two computing devices (see column 12, line 66 to column 
13, line 31). Nessett teaches the router between the two computing devices maintains a 
port-to-internal network address for all the networked devices. When the router receives 
a packet from a sending device it will perform the necessary translations if any are 
needed. Therefore, the examiner maintains the rejection given below. 

Claim Rejections - 35 USC § 102



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) do not apply to the examination of this application as the application 
being examined was not (1) filed on or after November 29, 2000, or (2) voluntarily
published under 35 U.S.C. 122(b). Therefore, this application is examined under 35
U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

Claims 1-23 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
patent 5,6,055,236 granted to Nessett et al. 

Regarding claim 1, Nessett meets the claimed limitations as follows: 
"A method for securely communicating packets between a first computer device and a 
second computer device through a packet-switched data transmission network
comprising intermediate computer devices, where at least one of said computer devices 
performs a network address translation and/or a protocol conversion, the method 
comprising the steps of 

determining what network address translations and/or protocol conversions, if 
any, occur on packets transmitted between the first computer device and the second 
computer device, 

if it is found that network address translations and/or protocol conversions occur
in a data path between said first computer device and a second computer device, taking
packets conforming to a first protocol and encapsulating them into packets conforming
to a second protocol, which second protocol is capable of traversing network address
translations and/or protocol conversions,

transmitting said packets conforming to said second protocol from the first 
computer device to the second computer device and 

decapsulating said transmitted packets conforming to said second protocol into 
packets conforming to said first protocol." see column 7, lines 8-33; column 13, line 32 
to column 38, line 15 and Figure 1. 

Regarding claim 2, Nessett meets the claimed limitations as follows: 
"A method according to claim 1, wherein the step of taking packets conforming to a first
protocol and encapsulating them into packets conforming to a second protocol 
comprises the substeps of taking packets conforming to the Internet Protocol, 
processing said packets according to the IPSEC protocol suite and encapsulating the 
processed packets into packets conforming to the User Datagram Protocol." see column 
9, line 63 to column 10, line 4 and column 10, lines 35-40. 

Regarding claim 3, Nessett meets the claimed limitations as follows: 
"A method according to claim 1, wherein the step of taking packets conforming to a first
protocol and encapsulating them into packets conforming to a second protocol 
comprises the substeps of: 

taking packets conforming to the Internet Protocol, 

processing said packets according to the IPSEC protocol suite and

encapsulating the processed packets into packets conforming to the 
Transmission Control Protocol." see column 9, lines 55-62 and column 10, lines 35-40. 

Regarding claim 4, Nessett meets the claimed limitations as follows: 
"A method according to claim 1, further comprising the step of compensating for the
network address translations on said second protocol in the packets that are transmitted 
from said first computer device to said second computer device." see column 15, line 63 
to column 16, line 39. 

Regarding claim 5, Nessett meets the claimed limitations as follows: 
"A method according to claim 4, wherein said step of compensating for said network 
address translations comprises a step of performing address translation based on the 
information obtained in the step of determining what network address translations, if 
any, occur on packets transmitted between said first computer device and said second 
computer device." see column 15, line 63 to column 16, line 39. 

Regarding claim 6, Nessett meets the claimed limitations as follows: 
"A method according to claim 5, wherein said step of compensating for said network 
address translations further comprises a step of performing port number translation 
based on the information obtained in the step of determining what network address 
translations, if any, occur on packets transmitted between said first computer device 
and said second computer device." see column 15, line 63 to column 16, line 39. 

Regarding claim 7, Nessett meets the claimed limitations as follows: 
"A method according to claim 1, additionally comprising the step of periodically
transmitting keepalive packets between said first computer device and said second 
computer device to ensure that the network address translations, if any, occurring on 
packets transmitted between said first computer device and said second computer 
device stay the same." see column 21, lines 17-19.

Regarding claim 8, Nessett meets the claimed limitations as follows: 
"A method for conditionally setting up a secure communication connection between a 
first computer device and a second computer device through a packet-switched data 
transmission network including intermediate computer devices, where at least one of 
said computer devices performs a network address translation and/or a protocol 
conversion, the method comprising the steps of: 

finding out, whether or not said second computer device supports a 
communication method where: it is determined what network address translations 
and/or protocol conversions, if any, occur on packets transmitted between said first 
computer device and said second computer device; 

if it is found that network address translations or protocol conversions on packets 
transmitted between said first computer device and said second computer device, 
packets are taken that conform to a first protocol and encapsulated into packets that 
conform to a second protocol, which second protocol is capable of traversing network 
address translations and/or protocol conversions; 

said packets conforming to said second protocol are transmitted from said first 
computer device to said second computer device; 

and said transmitted packets conforming to said second protocol are
decapsulated into packets conforming to said first protocol, 

as a response to a finding indicating that the second computer device supports 
said communication method, setting up a secure communication connection between 
said first computer device and said second computer device in which communication 
connection said communication method is employed and 

as a response to a finding indicating that said second computer device does not 
support said communication method, disabling the use of said communication method 
between said first and said second computer devices." see column 7, lines 8-33; column 
13, line 32 to column 38, line 15 and Figure 1. 

Regarding claim 9, Nessett meets the claimed limitations as follows: 
"A method for tunnelling packets between a first computer device and a second 
computer device through a packet-switched data transmission network comprising 
intermediate computer devices, where at least one of said computer devices performs a 
network address translation and/or a protocol conversion, the method comprising the 
steps of: 

establishing a bidirectional tunnelling mode between said first computer device 
and said second computer device by exchanging packets conforming to a secure 
communication protocol, 

taking packets conforming to a first protocol and encapsulating them at said first 
computer device into packets conforming to a second protocol, which second protocol is 
capable of traversing network address translations, 

transmitting said packets conforming to said second protocol from said first
computer device to said second computer device, 

decapsulating said transmitted packets conforming to said second protocol into 
packets conforming to said first protocol at the second computer device, 

obtaining information about the address translations occurred on packets 
transmitted between said first computer device and said second computer device and 

using said obtained information to modify the established bidirectional tunnelling 
mode between said first computer device and said second computer device." see 
column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figure 1. 

Regarding claim 10, Nessett meets the claimed limitations as follows: 
"A method according to claim 9, wherein the step of obtaining information about the 
address translations occurred on packets transmitted between the first computer device 
and the second computer device comprises the substeps of: 

transmitting a packet between the first computer device and the second 
computer device, said packet comprising a header part and a payload part, and 

comparing a network address transmitted in said payload part to a network 
address transmitted in said header part in order to find out what changes have occurred 
on said network address transmitted in said header part." see column 23, lines 30-45. 

Regarding claim 11, Nessett meets the claimed limitations as follows:
"A method according to claim 9, additionally comprising the step of periodically 
transmitting keepalive packets between the first computer device and the second 
computer device to ensure that the network address translations, if any, occurring on 
packets transmitted between the first computer device and the second computer device
stay the same." see column 21, lines 17-19. 

Regarding claim 12, Nessett meets the claimed limitations as follows: 
"A method according to claim 9, wherein the step of using said obtained information to 
modify the operation of the tunneling of packets comprises the substep of introducing an 
address translation before the encapsulation of packets in order to compensate for the 
network address translations that occur on packets transmitted between the first 
computer device and the second computer device." see column 12, line 66 to column 
16, line 39. 

Regarding claim 13, Nessett meets the claimed limitations as follows: 
"A method according to claim 9, wherein the step of using said obtained information to 
modify the operation of the tunnelling of packets comprises the substep of introducing 
an address translation after the decapsulation of packets in order to compensate for the 
network address translations that occur on packets transmitted between the first 
computer device and the second computer device." see column 15, line 63 to column 
16, line 39. 

Regarding claim 14, Nessett meets the claimed limitations as follows: 
"A method for tunnelling packets between a first computer device and a second 
computer device through a packet-switched data transmission network comprising 
intermediate computer devices, in which data transmission network there exists a 
security protocol comprising a key management connection that employs a specific 
packet format for key management packets, the method comprising the steps of: 

encapsulating data packets that are not key management packets into said
specific packet format for key management packets, 

transmitting said data packets encapsulated into the specific packet format from 
the first computer device to the second computer device, 

discriminating at the second computer device the data packets encapsulated into 
the specific packet format from actual key management packets and 

decapsulating the data packets encapsulated into the specific packet format." 
see column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figure 1. 

Regarding claim 15, Nessett meets the claimed limitations as follows: 
"A method according to claim 14, wherein the step of encapsulating data packets that 
are not key management packets comprises the substeps of: 

encapsulating data packets that are not key management packets into a key 
management packet format specified by the Internet Key Exchange protocol which 
defines a certain Initiator Cookie field and 

inserting into the Initiator Cookie field of an encapsulated data packet a value 
indicating that the encapsulated packet is a data packet and not a key management 
packet." see column 32, line 11 to column 33, line 39. 

Regarding claim 16, Nessett meets the claimed limitations as follows: 
"A method for securely communicating packets between a first computer device and a 
second computer device through a packet-switched data transmission network 
comprising intermediate computer devices, where at least one of said computer devices 
performs a network address translation and/or a protocol conversion and where a 
security protocol exists comprising a key management connection, the method
comprising the steps of: 

for determining what network address translations, if any, occur on packets 
transmitted between the first computer device and the second computer device: 
establishing a key management connection according to said security protocol between 
the first computer device and the second computer device; composing an indicator 
packet with a header part and a payload part of which both comprise the network 
addresses of the first computer device and the second computer device as seen by the 
node composing said packet; transmitting and receiving said indicator packet within the 
key management connection; and comparing in the received indicator packet the 
addresses contained in the header part and the payload part, and 

using the information concerning the determined occurrences of network address 
translations to securely communicating packets between the first computer device and 
the second computer device." see column 7, lines 8-33; column 13, line 32 to column 
38, line 15 and Figure 1. 

Regarding claim 17, Nessett meets the claimed limitations as follows: 
"A method according to claim 16, wherein the security protocol determines a standard 
port number for a key management connection, and the method further comprises the 
step of comparing in the received indicator packet a source port number against said 
standard port number for a key management connection." see column 15, lines 42-47; 
column 29, lines 23-33; column 30, lines 9-33; and column 36, line 62 to column 38, line 
15. 

Regarding claim 18, Nessett meets the claimed limitations as follows:
"A method for securely communicating packets between a first computer device and a 
second computer device through a packet-switched data transmission network 
comprising intermediate computer devices, where at least one of said computer devices 
performs a network address translation and/or a protocol conversion; where a security 
protocol is acknowledged which determines transport-mode processing of packets for 
transmission and reception; and where a high-level protocol checksum has been 
determined for checking the integrity of received packets, the method comprising the 
steps of: 

at the first computer device, performing transport-mode processing for packets to 
be transmitted to the second computer device, 

at the second computer device, performing transport-mode processing for 
packets received from the first computer device, said transport-mode processing 
comprising the decapsulation of received packets and 

at the second computer device, updating the high-level protocol checksum for 
decapsulated packets for compensating for changes, if any, caused by network address 
translations." see column 7, lines 8-33; column 13, line 32 to column 38, line 15 and 
Figure 1. 

Regarding claim 19, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, wherein 

the step of performing transport-mode processing at the first computer device for
packets transmitted to the second computer device takes the form of performing 
transport-mode processing as determined in the IPSEC protocol suite, and 

the step of performing transport-mode processing at the second computer device 
for packets received from the first computer device takes the form of performing 
transport-mode processing as determined in the IPSEC protocol suite." see column 21, 
line 1 to column 26, line 35. 

Regarding claim 20, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, additionally comprising the steps of: 

at the first computer device, after performing transport-mode processing for a 
packet to be transmitted to the second computer device, encapsulating the processed 
packet into a packet conforming to a certain second protocol, which second protocol is 
capable of traversing network address translations and 

at the second computer device, before performing transport-mode processing for 
a packet received from the first computer device, decapsulating the received packet 
from the packet conforming to said second protocol and replacing a number of network 
addresses in the decapsulated packet with a corresponding number of network 
addresses taken from the received packet before decapsulation." see column 21, line 1
to column 26, line 35. 

Regarding claim 21, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, wherein the step of updating the high-level protocol
checksum takes the form of recomputing the checksum for the 
transport-mode-processed packets." see column 23, lines 3-45. 

Regarding claim 22, Nessett meets the claimed limitations as follows: 
"A method according to claim 18, wherein the method additionally comprises the step of 
obtaining information about the network addresses of the first and second computer 
devices before and after network address translations, and the step of updating 
the high-level protocol checksum takes the form of incrementally updating the 
checksum based on the obtained information about the network addresses of the first 
and second computer devices before and after network address translations." see
column 21, line 1 to column 26, line 35. 

Regarding claim 23, Nessett meets the claimed limitations as follows: 
"A method for maintaining the unchanged form of address translations performed by 
network address translation devices on encapsulated actual data packets transmitted 
with certain address information between a first computer device and a second 
computer device through a packet-switched data transmission network, the method 
comprising the step of: 

forcing at least one of the first computer device and the second computer device 
to transmit to the other computer device keepalive packets with address information 
identical to that of actual data packets at a high enough frequency so that network
address translation devices constantly reuse the mappings used for network
address translation even when a certain fraction of the packets communicated between 
the first computer device and the second computer device are lost in the network." see
column 7, lines 8-33; column 13, line 32 to column 38, line 15 and Figure 1. 



All claims are drawn to the same invention claimed in the application prior to the 
entry of the submission under 37 CFR 1.114 and could have been finally rejected on the 
grounds and art of record in the next Office action if they had been entered in the 
application prior to entry under 37 CFR 1.114. Accordingly, THIS ACTION IS MADE 
FINAL even though it is a first action after the filing of a request for continued 
examination and the submission under 37 CFR 1.114. See MPEP § 706.07(b). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Matthew B Smithers whose telephone number is (703) 
308-9293. The examiner can normally be reached on Monday-Friday (9:00-5:30) EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).




Matthew B Smithers 
Primary Examiner 
Art Unit 2137



